GHSA-fg9q-5cw2-p6r9
Suggest an improvement- Source
- https://github.com/advisories/GHSA-fg9q-5cw2-p6r9
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/03/GHSA-fg9q-5cw2-p6r9/GHSA-fg9q-5cw2-p6r9.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-fg9q-5cw2-p6r9
- Aliases
-
- CVE-2024-1725
- GO-2025-3512
- Published
- 2024-03-07T21:30:21Z
- Modified
- 2025-03-14T19:54:12Z
- Severity
-
- 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
- Summary
- kubevirt-csi: PersistentVolume allows access to HCP's root node
- Details
-
A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP). This issue could allow an authenticated attacker to gain access to the root HCP worker node's volume by creating a custom Persistent Volume that matches the name of a worker node.
- Database specific
{ "nvd_published_at": "2024-03-07T20:15:50Z", "severity": "HIGH", "github_reviewed": true, "cwe_ids": [ "CWE-501" ], "github_reviewed_at": "2025-03-11T20:07:55Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2024-1725
- https://github.com/kubevirt/csi-driver/commit/cc28dcbb0afca0a7cb8a73bc998ab49f864ed560
- https://access.redhat.com/errata/RHSA-2024:1559
- https://access.redhat.com/errata/RHSA-2024:1891
- https://access.redhat.com/errata/RHSA-2024:2047
- https://access.redhat.com/security/cve/CVE-2024-1725
- https://bugzilla.redhat.com/show_bug.cgi?id=2265398
- https://github.com/kubevirt/csi-driver
- https://pkg.go.dev/vuln/GO-2025-3512
Affected packages
Go / github.com/kubevirt/csi-driver
Package
- Name
- github.com/kubevirt/csi-driver
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/kubevirt/csi-driver